b'OFFICE OF INSPECTOR GENERAL\n\nAUDIT OF THE U.S. AFRICAN\nDEVELOPMENT FOUNDATION\xe2\x80\x99S\nFISCAL YEAR 2014\nCOMPLIANCE WITH THE\nFEDERAL INFORMATION\nSECURITY MANAGEMENT ACT\nOF 2002\nAUDIT REPORT NO. A-ADF-15-002-P\nOCTOBER 23, 2014\n\x0cThis is a summary of our report on the \xe2\x80\x9cAudit of the U.S. African Development Foundation\xe2\x80\x99s\nFiscal Year 2014 Compliance With the Federal Information Security Management Act of 2002.\xe2\x80\x9d\nThe Federal Information Security Management Act of 2002 (FISMA) requires agencies to\ndevelop, document, and implement an agency-wide information security program to protect their\ninformation and information systems, including those provided or managed by another agency,\ncontractor, or other source. The act also requires agencies to have an annual assessment of\ntheir information systems.\n\nThe Office of Inspector General (OIG) contracted with the independent certified public\naccounting firm of Brown & Company CPAs, PLLC to conduct the audit. Brown was required to\nconduct the audit in accordance with U.S. Government Auditing Standards. The objective was\nto determine whether the U.S. African Development Foundation (USADF) implemented selected\nminimum security controls for selected information systems in support of FISMA.\n\nThe audit concluded that USADF is in substantial compliance with FISMA and has developed\nand documented the majority of the information security policies and procedures required under\nFISMA. While USADF is in substantial compliance with FISMA, Brown noted a number of\nweaknesses in which management was not following a policy or procedure.\n\nBased on those weaknesses in USADF\xe2\x80\x99s information security controls, OIG made four\nrecommendations to help USADF strengthen its information security program. Management\ndecisions were made on all four recommendations.\n\x0cU.S. Agency for International Development\n       Office of Inspector General\n      1300 Pennsylvania Avenue, NW\n          Washington, DC 20523\n            Tel: 202-712-1150\n            Fax: 202-216-3047\n           http://oig.usaid.gov\n\x0c'